GIC api used by NXP SoC is based on:
- arm provided drivers: /drivers/arm/gic
Signed-off-by: Pankaj Gupta <pankaj.gupta@nxp.com>
Change-Id: If3d470256e5bd078614f191e56062c4fbd97f8bd
NXP General Purpose Input/Output driver support for
NXP platforms.
Signed-off-by: Pankaj Gupta <pankaj.gupta@nxp.com>
Change-Id: I9a3574f1d5d12e4a65ff60f640d4e77e2defd6d4
NXP Central Security Unit(CSU) for NXP SoC.
CSU is used for:
- Access permissions for peripheral that donot have their own
access control.
- Locking of individual CSU settings until the next POR
- General purpose security related control bits
Refer NXP SoC manuals fro more details.
Signed-off-by: Pankaj Gupta <pankaj.gupta@nxp.com>
Change-Id: I07a4729c79c5e2597f8b2a782e87e09f7f30c2ca
DDR driver for NXP layerscape SoC(s):
- lx2160aqds
- lx2162aqds
- lx2160ardb
- Other Board with SoC(s) like ls1046a, ls1043a etc;
-- These other boards are not verified yet.
Signed-off-by: Rajesh Bhagat <rajesh.bhagat@nxp.com>
Signed-off-by: York Sun <york.sun@nxp.com>
Signed-off-by: Udit Agarwal <udit.agarwal@nxp.com>
Signed-off-by: Pankaj Gupta <pankaj.gupta@nxp.com>
Change-Id: Ic84a63cb30eba054f432d479862cd4d1097cbbaf
NXP I2C driver support for NXP SoC(s).
Signed-off-by: York Sun <york.sun@nxp.com>
Signed-off-by: Pankaj Gupta <pankaj.gupta@nxp.com>
Change-Id: I234b76f9fa1b30dd13aa087001411370cc6c8dd0
NXP Security Monitor IP provides hardware anchored
- current security state of the SoC.
- Tamper detect etc.
Signed-off-by: Ruchika Gupta <ruchika.gupta@nxp.com>
Signed-off-by: Pankaj Gupta <pankaj.gupta@nxp.com>
Change-Id: I8ff809fe2f3fd013844ab3d4a8733f53c2b06c81
NXP Security Fuse Processor is used to read and write
fuses.
- Fuses once written, are cannot be un-done.
- Used as trust anchor for monotonic counter,
different platform keys etc.
Signed-off-by: Udit Agarwal <udit.agarwal@nxp.com>
Signed-off-by: Ruchika Gupta <ruchika.gupta@nxp.com>
Signed-off-by: Pankaj Gupta <pankaj.gupta@nxp.com>
Change-Id: I347e806dd87078150fbbbfc28355bb44d9eacb9c
CCN API(s) to be used NXP SoC(s) are added.
These API(s) based on ARM CCN driver
- driver/arm/ccn
CCI API(s) to be used NXP SoC(s) are added.
These API(s) based on ARM CCI driver
- driver/arm/cci
Signed-off-by: Pankaj Gupta <pankaj.gupta@nxp.com>
Change-Id: I7682c4c9bd42f63542b3ffd3cb6c5d2effe4ae0a
NXP TZC-400 API(s) to configure ddr regions are based on:
- drivers/arm/tzc
Signed-off-by: Pankaj Gupta <pankaj.gupta@nxp.com>
Change-Id: I524433ff9fafe1170b13e99b7de01fe957b6d305
NXP Timer Apis are based on:
- drivers/delay_timer
Signed-off-by: Pankaj Gupta <pankaj.gupta@nxp.com>
Change-Id: I2cbccf4c082a10affee1143390905b9cc99c3382
NXP SoCs, supports two types of UART controller:
- PL011 - using ARM drivers sources
- 16550 - using TI drivers source
Signed-off-by: Pankaj Gupta <pankaj.gupta@nxp.com>
Change-Id: Iacbcefd2b6e5d96f83fa00ad25b4f63a4c822bb4
Generic framework is added to include platform defined UUID.
This framework is added for the following:
- All NXP SoC based platforms needed additional fip-fuse.bin
- NXP SoC lx2160a based platforms requires additional fip-ddr.bin
Signed-off-by: Pankaj Gupta <pankaj.gupta@nxp.com>
Change-Id: Ibe05d9c596256e34077287a490dfcd5b731ef2cf
Conditional definition for the macro MAX_NUMBER_IDS.
This will allow to update this definition by the platform
specific implementation.
Since, NXP SoC lx2160a based platforms requires additional
FIP DDR to be loaded before initializing the DDR.
It requires addition of defines for DDR image IDs.
A dedicated header plat_tbbr_img_def.h is added to the platform
folder - plat/nxp/common/include/default/
Inclusion of this header file will depend on the compile time
flag PLAT_TBBR_IMG_DEF.
Signed-off-by: Pankaj Gupta <pankaj.gupta@nxp.com>
Change-Id: I4faba74dce578e2a34acbc8915ff75d7b8368cee
Incorrect value is picked for TF_MBEDTLS_USE_RSA defination,
even if the TF_MBEDTLS_RSA is enabled.
Due to which PK_DER_LEN is defined incorrectly.
Signed-off-by: Pankaj Gupta <pankaj.gupta@nxp.com>
Change-Id: I2ca4ca121e0287b88ea689c885ddcd45a34a3e91
Changes to 'tools/cert_create' folder, to include platform defined
certificates, keys, and extensions.
NXP SoC lx2160a : based platforms requires additional
FIP DDR to be loaded before initializing the DDR.
To enable chain of trust on these platforms, FIP DDR
image needs to be authenticated, additionally.
Platform specific folder 'tools/nxp/cert_create_helper'
is added to support platform specific macros and definitions.
Signed-off-by: Pankaj Gupta <pankaj.gupta@nxp.com>
Change-Id: I4752a30a9ff3aa1d403e9babe3a07ba0e6b2bf8f
Platforms, which requires additional images to be
verified using TBBR; such that their key certificate
is tied to TRUSTED_KEY_CERT.
For such platforms, if make commands runs twice:
- Once with targets as bl2 & fip.bin, and
- Again to build the target as the additional image.
then, if path to the TRUSTED_KEY_CERT varies in the
makefile with make-target of the additional image, then
there would be two location where "trusted_key.crt" will
be created.
This patch helps overriding the TRUSTED_KEY_CERT from any .mk
in the platform's makefile structure.
Signed-off-by: Pankaj Gupta <pankaj.gupta@nxp.com>
Change-Id: I775a2c409035504b21b0bbe5a4f9046898163eed
This works even on SoCs that do not have an ARISC, and it avoids
clobbering whatever ARISC firmware might be running.
Change-Id: I9f2fed597189bb387de79e8e76a7da3375e1ee91
Signed-off-by: Samuel Holland <samuel@sholland.org>
Signed-off-by: Andre Przywara <andre.przywara@arm.com>
The devicetree binding document[1] for the /reserved-memory node demands
that the number of address and size-cells in the reserved-memory node
must match those values in the root node. So far we were forcing a
64-bit address along with a 32-bit size.
Adjust the code to query the cells values from the root node, and
populate the newly created /reserved-memory node accordingly.
This fixes the fdt_add_reserved_memory() function when called on a
devicetree which does not use the 2/1 pair. Linux is picky about this
and will bail out the parsing routine, effectively ignoring the
reserved-memory node:
[ 0.000000] OF: fdt: Reserved memory: unsupported node format, ignoring
[1] Documentation/devicetree/bindings/reserved-memory/reserved-memory.txt
in the Linux kernel source tree
Change-Id: Ie126ebab4f3fedd48e12c9ed4bd8fa123acc86d3
Signed-off-by: Andre Przywara <andre.przywara@arm.com>
Adds a number of definitions consistent with the established WaRP7
equivalents specifying number of io_handles and block devices.
Signed-off-by: Bryan O'Donoghue <bryan.odonoghue@linaro.org>
Signed-off-by: Ying-Chun Liu (PaulLiu) <paulliu@debian.org>
Change-Id: If1d7ef1ad3ac3dfc860f949392c7534ce8d206e3
Allows for exporting of FIP related methods cleanly in a private header.
Signed-off-by: Bryan O'Donoghue <bryan.odonoghue@linaro.org>
Signed-off-by: Ying-Chun Liu (PaulLiu) <paulliu@debian.org>
Change-Id: I8523f1370312ed22ff7ca710cd916be52f725e3c
TZC400 is configured to raise an interrupt in case of faulty access.
Call the new added tzc400_it_handler, in case this interrupt occurs.
Change-Id: Iaf4fa408a8eff99498042e11e2d6177bad39868c
Signed-off-by: Yann Gautier <yann.gautier@st.com>
On STM32MP15, only filters 0 and 1 are used.
Use TZC_400_REGION_ATTR_FILTER_BIT() macro for those 2 filters 0 and 1
instead of U(3).
Change-Id: Ibc61823842ade680f59d5b66b8db59b6a30080e4
Signed-off-by: Yann Gautier <yann.gautier@st.com>
A new function tzc400_it_handler() is created to manage TZC400
interrupts. The required helpers to read and clear interrupts are added
as well.
In case DEBUG is enabled, more information about the faulty access
(address, NSAID, type of access) is displayed.
Change-Id: Ie9ab1c199a8f12b2c9472d7120efbdf35711284a
Signed-off-by: Yann Gautier <yann.gautier@st.com>
Addresses the deprecation warning produced by
drivers/arm/gic/common/gic_common.c.
Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com>
Change-Id: I1a3ff4835d0f94c74b405db10622e99875ded82b
BIT24 of IPI command header is used to determine if caller is
secure or non-secure.
Mark BIT24 of IPI command header as non-secure if SMC caller
is non-secure.
Signed-off-by: Tejas Patel <tejas.patel@xilinx.com>
Signed-off-by: Abhyuday Godhasara <abhyuday.godhasara@xilinx.com>
Change-Id: Iec25af8f4b202093f58e858ee47cd9cd46890267
FF-A specification states that error codes should be typed int32_t.
SPMD's uses uint64_t for return values, which if assigned with a signed
type would have sign extension, and change the size of the return from
32-bit to 64-bit.
Signed-off-by: J-Alves <joao.alves@arm.com>
Change-Id: I288ab2ffec8330a2fe1f21df14e22c34bd83ced3
If a PMIC regulator has its DT node disabled, leave the regulator off.
Change-Id: I895f740328e8f11d485829c3a89a9b9f8e5644be
Signed-off-by: Roman Beranek <roman.beranek@prusa3d.com>
Typically, interrupts for a specific security state get handled in the
same security execption level if the execution is in the same security
state. For example, if a non-secure interrupt gets fired when CPU is
executing in NS-EL2 it gets handled in the non-secure world.
However, interrupts belonging to the opposite security state typically
demand a world(context) switch. This is inline with the security
principle which states a secure interrupt has to be handled in the
secure world. Hence, the TSPD in EL3 expects the context(handle) for a
secure interrupt to be non-secure and vice versa.
The function "tspd_sel1_interrupt_handler" is the handler registered
for S-EL1 interrupts by the TSPD. Based on the above assumption, it
provides an assertion to validate if the interrupt originated from
non-secure world and upon success arranges entry into the TSP at
'tsp_sel1_intr_entry' for handling the interrupt.
However, a race condition between non-secure and secure interrupts can
lead to a scenario where the above assumptions do not hold true and
further leading to following assert fail.
This patch fixes the bug which causes this assert fail:
ASSERT: services/spd/tspd/tspd_main.c:105
BACKTRACE: START: assert
0: EL3: 0x400c128
1: EL3: 0x400faf8
2: EL3: 0x40099a4
3: EL3: 0x4010d54
BACKTRACE: END: assert
Change-Id: I359d30fb5dbb1429a4a3c3fff37fdc64c07e9414
Signed-off-by: Madhukar Pappireddy <madhukar.pappireddy@arm.com>
The UEFI specification details the represenatation
for the EFI_GUID type. Add this representation to the
uuid_helper_t union type so that GUID definitions
can be shared verbatim between UEFI and TF-A header
files.
Change-Id: Ie44ac141f70dd0025e186581d26dce1c1c29fce6
Signed-off-by: Tomas Pilar <tomas@nuviainc.com>
The speculation barrier feature (`FEAT_SB`) was introduced with and
made mandatory in the Armv8.5-A extension. It was retroactively made
optional in prior extensions, but the checks in our code-base do not
reflect that, assuming that it is only available in Armv8.5-A or later.
This change introduces the `ENABLE_FEAT_SB` definition, which derives
support for the `sb` instruction in the assembler from the feature
flags passed to it. Note that we assume that if this feature is enabled
then all the cores in the system support it - enabling speculation
barriers for only a subset of the cores is unsupported.
Signed-off-by: Chris Kay <chris.kay@arm.com>
Change-Id: I978ed38829385b221b10ba56d49b78f4756e20ea
1.Since in mmc_init, the most of mmc_device_info passed in are temporary variables.
In order to avoid referencing the released space on the stack when maybe MISUSED,
it`s better to use global variables to store mmc_device_info in mmc.c
2.Delete redundant;
Signed-off-by: deqi.hu@siengine.com
Change-Id: I51ae90e7f878b19b4963508b3f7ec66339015ebc
Versal is a72 based that's why there is no reason to build low level
assemble code for a53.
Signed-off-by: Michal Simek <michal.simek@xilinx.com>
Change-Id: Iff9cf2582102d951825b87fd9af18e831ca717d6
The FF-A v1.0 spec allows two configurations for the number of EC/vCPU
instantiated in a Secure Partition:
-A MultiProcessor (MP) SP instantiates as many ECs as the number of PEs.
An EC is pinned to a corresponding physical CPU.
-An UniProcessor (UP) SP instantiates a single EC. The EC is migrated to
the physical CPU from which the FF-A call is originating.
This change permits exercising the latter case within the TF-A-tests
framework.
Signed-off-by: Olivier Deprez <olivier.deprez@arm.com>
Change-Id: I7fae0e7b873f349b34e57de5cea496210123aea0
Add a lock and spin lock/unlock calls when accessing the fields of the
SPMD PM structure.
Signed-off-by: Olivier Deprez <olivier.deprez@arm.com>
Change-Id: I9bab705564dc1ba003c29512b1f9be5f126fbb0d
Remove the former impdef SPMD service for SPMC entry point
registration. Replace with FFA_SECONDARY_EP_REGISTER ABI
providing a single entry point address into the SPMC for
primary and secondary cold boot.
Signed-off-by: Olivier Deprez <olivier.deprez@arm.com>
Change-Id: I067adeec25fc12cdae90c15a616903b4ac4d4d83
Pankaj Gupta
Samuel Holland
André Przywara
Ying-Chun Liu (PaulLiu)
Yann Gautier
Olivier Deprez
Jan Kiszka
Madhukar Pappireddy
Tejas Patel
J-Alves
Roman Beranek
Tomas Pilar
Chris Kay
Sandrine Bailleux
deqi.hu
Michal Simek